appelsinbrus Posted 19 July 2008

ComboFix 08-07-19.1 - Johan Braseth 2008-07-20 0:33:26.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.47.1044.18.503 [GMT 2:00]
Running from: C:\Documents and Settings\Johan Braseth\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\AutoRun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-19 to 2008-07-19 )))))))))))))))))))))))))))))))
.
2008-07-19 23:44 . 2008-07-19 23:44 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-07-19 23:43 . 2007-10-04 10:22 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-07-19 18:43 . 2008-07-19 18:43 17,920 --a------ C:\WINDOWS\system32\tbsrch.dll
2008-07-19 18:43 . 2008-07-19 18:43 17,920 --a------ C:\WINDOWS\system32\tbsch.dll
2008-07-19 18:43 . 2008-07-19 18:43 17,920 --a------ C:\WINDOWS\system32\tbrsrch.dll
2008-07-19 18:35 . 2008-07-19 18:35 <DIR> d-------- C:\Programfiler\iPod
2008-07-19 18:34 . 2008-07-19 18:34 <DIR> d-------- C:\Programfiler\QuickTime
2008-07-19 18:34 . 2008-07-19 18:35 <DIR> d-------- C:\Programfiler\iTunes
2008-07-19 18:34 . 2008-07-19 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-07-19 18:33 . 2008-07-19 18:33 <DIR> d-------- C:\Programfiler\Apple Software Update
2008-07-19 18:32 . 2008-07-19 18:32 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple
2008-07-17 19:31 . 2008-07-17 19:31 244 --ah----- C:\sqmnoopt19.sqm
2008-07-15 22:44 . 2008-07-15 22:44 268 --ah----- C:\sqmdata19.sqm
2008-07-15 22:44 . 2008-07-15 22:44 244 --ah----- C:\sqmnoopt18.sqm
2008-07-15 21:48 . 2008-07-15 21:48 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-15 21:48 . 2008-07-15 21:48 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-15 21:48 . 2008-07-15 21:48 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-15 21:25 . 2008-07-15 21:25 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy
2008-07-15 21:25 . 2008-07-15 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-07-15 21:09 . 2008-07-15 21:09 268 --ah----- C:\sqmdata18.sqm
2008-07-15 21:09 . 2008-07-15 21:09 244 --ah----- C:\sqmnoopt17.sqm
2008-07-07 18:26 . 2008-07-07 18:26 268 --ah----- C:\sqmdata17.sqm
2008-07-07 18:26 . 2008-07-07 18:26 244 --ah----- C:\sqmnoopt16.sqm
2008-07-05 09:44 . 2008-07-05 09:44 <DIR> d-------- C:\Documents and Settings\Johan Braseth\Programdata\aAvgApi
2008-07-05 09:42 . 2008-07-05 09:42 268 --ah----- C:\sqmdata16.sqm
2008-07-05 09:42 . 2008-07-05 09:42 244 --ah----- C:\sqmnoopt15.sqm
2008-06-29 23:43 . 2008-06-29 23:43 268 --ah----- C:\sqmdata15.sqm
2008-06-29 23:43 . 2008-06-29 23:43 244 --ah----- C:\sqmnoopt14.sqm
2008-06-29 12:46 . 2008-06-29 12:46 268 --ah----- C:\sqmdata14.sqm
2008-06-29 12:46 . 2008-06-29 12:46 244 --ah----- C:\sqmnoopt13.sqm
2008-06-27 12:45 . 2008-06-27 12:45 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-22 00:06 . 2008-06-22 00:06 268 --ah----- C:\sqmdata13.sqm
2008-06-22 00:06 . 2008-06-22 00:06 244 --ah----- C:\sqmnoopt12.sqm
2008-06-21 21:17 . 2008-06-21 21:18 268 --ah----- C:\sqmdata11.sqm
2008-06-21 21:17 . 2008-06-21 21:18 244 --ah----- C:\sqmnoopt11.sqm
2008-06-21 21:17 . 2008-06-21 21:18 136 --ah----- C:\sqmdata12.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 07:44 --------- d-----w C:\Documents and Settings\Johan Braseth\Programdata\aAvgApi
2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 07:46 --------- d-----w C:\Programfiler\AVG
2008-06-14 07:46 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg8
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 04:22 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-23 04:22 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-23 04:22 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-23 04:22 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-23 04:22 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-23 04:22 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D76D0EB-AE56-4DF4-AFFC-20AFF4344AC6}]
2008-07-19 18:43 17920 --a------ C:\WINDOWS\system32\tbsch.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 00:02 53248]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 15:05 729177]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"PCMService"="C:\Programfiler\Acer\Acer Arcade\PCMService.exe" [2005-12-13 21:31 151552]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55 118784]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"ntiMUI"="C:\Programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 18:28 344064]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-16 11:58 3080192]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10 49263]
"REGSHAVE"="C:\Programfiler\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"hpqSRMon"="C:\Programfiler\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 09:34 81920]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-15 21:48 1232152]
"AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 23:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
ExifLauncher2.lnk - C:\Programfiler\FinePixViewer\QuickDCF2.exe [2007-11-22 20:22:24 303104]
HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-15 21:48]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-15 21:48]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
*Newly Created Service* - INT15.SYS
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-07-19 16:33:32 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 00:34:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-20 0:35:20
ComboFix-quarantined-files.txt 2008-07-19 22:35:18

Pre-Run: 42,089,349,120 byte ledig
Post-Run: 42,950,819,840 byte ledig

169 --- E O F --- 2008-07-18 10:33:04

norbat Posted 19 July 2008 (edited)

Do you suspect anything?

Edited 19 July 2008 by norbat

appelsinbrus Posted 19 July 2008 (Author)

Yes, I read in another thread that a ComboFix could show whether something is wrong or not; I have been struggling with malware for days and can't get rid of it. It keeps telling me that I MUUUUUST install the antivirus program that keeps popping up on the screen, because I have such a terrible number of viruses.. It is annoying, and I can't get rid of it, and here I thought I had fairly good control over exactly this part of the machine.. HijackThis instead?

norbat Posted 19 July 2008

No, it's just me running a bit on overtime.

Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
C:\WINDOWS\system32\tbsrch.dll
C:\WINDOWS\system32\tbsch.dll
C:\WINDOWS\system32\tbrsrch.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D76D0EB-AE56-4DF4-AFFC-20AFF4344AC6}]

You don't need to post the log. Have you recently run a scan with SUPERAntiSpyware? If not, do so.

appelsinbrus Posted 20 July 2008 (Author)

Thanks for the help! Seems to be working better here now.